CVE-2025-45765

{"id": "CVE-2025-45765", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "[email protected]"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-08-07T21:15:27.570", "references": [{"url": "https://gist.github.com/ZupeiNie/c621253068ce5b64911629534879e8f9", "source": "[email protected]"}, {"url": "https://github.com/jwt/ruby-jwt/issues/668", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is \"keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also.\""}, {"lang": "es", "value": "Se descubri\u00f3 que ruby-jwt v3.0.0.beta1 conten\u00eda un cifrado d\u00e9bil. NOTA: El proveedor considera que el tama\u00f1o de clave no es algo que esta librer\u00eda imponga. Actualmente, las versiones m\u00e1s recientes de OpenSSL imponen ciertos tama\u00f1os de clave, y estas restricciones tambi\u00e9n se aplican a los usuarios de esta gema."}], "lastModified": "2025-08-12T15:15:29.880", "sourceIdentifier": "[email protected]"}